nadeemshafi9 Posted April 25, 2007
Hello guys, " are getting in my way. When I create a user in my application, I can't delete him because " gets in the way, because I pass the user id through the querystring GET and it obviously affects the SQL string. I tried replacing them (char(32), as they're called) but no luck. Anyway, I want to stop them getting in. I want to filter out " from a string; I tried using count char and stuff like that but I just can't seem to detect them. I know they're char(32) because I printed them out. Can someone show me how to, for instance, just redirect if it's found in a string? I know how to redirect, just not how to find ". Thanks very much for any help, it is a bit of an emergency.
trq Posted April 25, 2007
It's very hard to understand your question exactly (English not your first language?) but, prior to storing any user-inputted data in the database, run it through mysql_real_escape_string. This should fix your issue.
nadeemshafi9 Posted April 25, 2007 Author
OK, I seem to be getting somewhere with some patches, but I still can't filter it out. I can now delete such things, as I started adding mysql_real_escape_string( to all my queries for injection protection.
nadeemshafi9 Posted April 25, 2007 Author
> It's very hard to understand your question exactly (English not your first language?) but, prior to storing any user-inputted data in the database, run it through mysql_real_escape_string. This should fix your issue.
English is my first language, but I had a bottle of vodka last night and have been doing my final year project for 6 days and 6 nights and I am a little bit woozy.
trq Posted April 25, 2007
> English is my first language, but I had a bottle of vodka last night and have been doing my final year project for 6 days and 6 nights and I am a little bit woozy.
Great. Ever thought about giving it a miss until you sober up?
nadeemshafi9 Posted April 25, 2007 Author
My life's work will come to an end after this one, so I can't screw it up. It's got AJAX multiple order processing and real-time updates, AJAX fuzzy logic mouseover the item based recordings and real-time advert updating based on your mouse over the items and how long for, etc. It's pretty well documented, and I also just finished an ADA fire alarm monitoring system. It's these damn small things that get me, man, at the last moment. Looks like I'm getting somewhere; please stay tuned as I may need some expert advice. Thanks a lot, man.
nadeemshafi9 Posted April 25, 2007 Author
OK, things are getting better, but I'm trying to delete a user id called ' OR ''=' . Here is the SQL:
$sql = "DELETE FROM users WHERE userid='".mysql_real_escape_string($userid)."';";
It will go in and execute but won't find the id. Any ideas? Thanks again.
nadeemshafi9 Posted April 25, 2007 Author
Oh, I realise it's adding the slashes now.
nadeemshafi9 Posted April 25, 2007 Author
How can I stop " and ' getting in in the first place? I've done it before, just can't remember.
nadeemshafi9 Posted April 25, 2007 Author
Cracked it, JavaScript form validation:

<script type="text/javascript">
// Reject an empty value or one that contains a double quote.
function validate_required(field, alerttxt) {
  var value = field.value;
  // lastIndexOf returns -1 when the character is absent. The original test
  // "|| pos" treated -1 as true, so it failed every value that had no quote
  // and only passed a value whose quote sat at index 0.
  var pos = value.lastIndexOf('"');
  if (value == null || value === "" || pos !== -1) {
    alert(alerttxt);
    field.focus();   // focus the field that failed, not always "email"
    return false;
  }
  return true;
}

function validate_form(thisform) {
  if (!validate_required(thisform.userid, "UserID contains error")) return false;
  if (!validate_required(thisform.email, "Email contains error")) return false;
  if (!validate_required(thisform.password, "Password contains error")) return false;
  return true;   // the original returned nothing on success
}
</script>
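As an added example (not code from the thread or its author), the delete from the posts above written with a PDO prepared statement, against an in-memory SQLite table of constructed rows; it assumes PHP with the pdo_sqlite extension, whereas the thread used the mysql_* functions against MySQL.

```php
<?php
// Added example: delete the user whose id is the literal string ' OR ''='
// (the id from the thread) without any quoting or escaping of the value.
// In-memory SQLite so it runs stand-alone.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, email TEXT)');

// Constructed sample rows; the awkward id is stored exactly as typed.
$insert = $db->prepare('INSERT INTO users (userid, email) VALUES (:id, :email)');
foreach ([['alice', 'alice@example.invalid'],
          ["' OR ''='", 'odd@example.invalid']] as [$id, $email]) {
    $insert->execute([':id' => $id, ':email' => $email]);
}

// What the concatenated query from the thread turns into with that id if the
// escaping step is missing (shown only, never executed here):
//   DELETE FROM users WHERE userid='' OR ''=''   -- matches every row
// With a placeholder the value travels separately from the SQL text, so there
// is nothing to escape and nothing that can be escaped twice by mistake.
// (Double escaping, e.g. magic_quotes_gpc adding backslashes to $_GET before
// mysql_real_escape_string runs, is how a stored id ends up never matching.)
function delete_user(PDO $db, string $userid): int
{
    $stmt = $db->prepare('DELETE FROM users WHERE userid = :id');
    $stmt->execute([':id' => $userid]);
    return $stmt->rowCount();   // rows actually removed
}

// The value exactly as it would arrive from the query string, untouched.
$deleted   = delete_user($db, "' OR ''='");
$remaining = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "deleted {$deleted} row(s), {$remaining} remaining\n";
```

The JavaScript check in the last post only improves the form's usability: the browser-side check does not run for a request that is sent without the form, so the server must still treat the value as data, as above.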